ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0549
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0549)
Resumen:	The remote host is missing an update for the 'axis' package(s) announced via the MGASA-2014-0549 advisory.
Descripción:	Summary: The remote host is missing an update for the 'axis' package(s) announced via the MGASA-2014-0549 advisory. Vulnerability Insight: Updated axis packages fixes security vulnerability: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate (CVE-2014-3596). Affected Software/OS: 'axis' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3596 1030745 http://www.securitytracker.com/id/1030745 61222 http://secunia.com/advisories/61222 69295 http://www.securityfocus.com/bid/69295 RHSA-2014:1193 http://rhn.redhat.com/errata/RHSA-2014-1193.html [axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596 https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c%40%3Cjava-dev.axis.apache.org%3E [axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5%40%3Cjava-dev.axis.apache.org%3E [axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832%40%3Cjava-dev.axis.apache.org%3E [axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780%40%3Cjava-dev.axis.apache.org%3E [axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596 https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d%40%3Cjava-dev.axis.apache.org%3E [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack http://www.openwall.com/lists/oss-security/2014/08/20/2 apache-axis-cve20143596-spoofing(95377) https://exchange.xforce.ibmcloud.com/vulnerabilities/95377 http://linux.oracle.com/errata/ELSA-2014-1193.html https://issues.apache.org/jira/browse/AXIS-2905 https://www.oracle.com/security-alerts/cpujan2020.html openSUSE-SU-2019:1497 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html openSUSE-SU-2019:1526 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.